Corax Apprentice
Joined: 14 Apr 2004 Posts: 222 Location: Berlin, Germany
|
Posted: Tue Nov 02, 2004 5:19 pm Post subject: Can't connect to my machine [Solved] |
|
|
I'm in trouble here. I set up an FTP server using vsftpd with xinetd. All's fine, so far. When testing this setup using the same box which the server is running from, I can log in and browse the directories normally. The logs list the IP of my ISP, not localhost, as intended. Even the transfers run with speeds provided by my internet connection. So I assumed the server was running normally. Fool me - when trying to connect to this server from another machine, troubles start. Working on this for almost 3 days now, I couldn't find a solution provided by any vsftpd documentation or these forums. Although there are some posts around here that cope with similar problems, all suggestions in these topics didn't help me. (Regarding 'only_from' in xinetd.conf etc.)
I also rebuilt PAM and PAM-login, as I thought it might be a user authentication problem, but this didn't help either.
Let me summarize: The problem is that even though I am able to log in locally, any login attempts via the internet fail.
Last edited by Corax on Mon Nov 08, 2004 11:55 am; edited 1 time in total |
|
|
|
Rcomian Apprentice
Joined: 10 Jan 2004 Posts: 174 Location: Uk, Northwest
|
Posted: Tue Nov 02, 2004 9:29 pm Post subject: |
|
|
I ran into this same problem with the vnc server setup.
Have you checked the file xinetd.conf for the field "only_from"?
Code:
# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# $Header: /home/cvsroot/gentoo-x86/sys-apps/xinetd/files/xinetd.conf,v 1.5 200$
# Sample configuration file for xinetd
defaults
{
        only_from       = localhost 192.168.0.0
        instances       = 60
        log_type        = SYSLOG authpriv info
        log_on_success  = HOST PID
        log_on_failure  = HOST
        cps             = 25 30
}
includedir /etc/xinetd.d

Probably best to just comment out the line if you're after public access. |
|
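An added example, not part of the original posts: a small checker for how xinetd reads the `only_from` list in a block like the one quoted above, covering the cases discussed in this thread (a subnet written with trailing zeros, `0.0.0.0`, and a commented-out line). It handles IPv4 numeric and address/netmask entries only; `localhost` is assumed to resolve to 127.0.0.1, other host names and factorized forms are not handled, and a service block's own `only_from` must be checked separately by passing its header as `block`.

```python
import ipaddress
import re

# The defaults block quoted in the post above, shortened, as sample input.
POSTED = """\
defaults
{
        only_from       = localhost 192.168.0.0
        instances       = 60
}
"""

def only_from(conf_text, block="defaults"):
    """Return the only_from entries of one block, or None if the attribute is absent."""
    header, inside = None, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # commented-out attributes do not count
        if line == "{":
            inside = header == block
        elif line == "}":
            inside = False
        elif inside:
            m = re.match(r"only_from\s*=\s*(.*)$", line)
            if m:
                return m.group(1).split()
        else:
            header = line                 # e.g. "defaults" or "service ftp"
    return None

def entry_matches(entry, client):
    """True if one only_from entry covers the IPv4 client address."""
    if "/" in entry:                      # address/netmask form, e.g. 10.0.0.0/8
        return ipaddress.ip_address(client) in ipaddress.ip_network(entry, strict=False)
    if entry == "localhost":              # assumption: resolves to 127.0.0.1
        entry = "127.0.0.1"
    parts = entry.split(".")
    while parts and parts[-1] == "0":     # rightmost zero components are wildcards
        parts.pop()
    return client.split(".")[:len(parts)] == parts

def allowed(conf_text, client, block="defaults"):
    """True if the block's only_from setting admits the client address."""
    entries = only_from(conf_text, block)
    if entries is None:
        return True                       # attribute absent: no address restriction
    return any(entry_matches(e, client) for e in entries)
```

With the posted defaults, `allowed(POSTED, "203.0.113.5")` is false for that constructed public address, while an `only_from` line with an empty value admits nobody.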
|
|
Corax Apprentice
Joined: 14 Apr 2004 Posts: 222 Location: Berlin, Germany
|
Posted: Wed Nov 03, 2004 9:39 am Post subject: |
|
|
I've already done that, almost every other post on similar issues recommends checking this field. Anyway, setting 'only_from' to 0.0.0.0 or commenting it out doesn't help. But, thanks for your fast reply. |
|
|
|
Rcomian Apprentice
Joined: 10 Jan 2004 Posts: 174 Location: Uk, Northwest
|
Posted: Wed Nov 03, 2004 1:01 pm Post subject: |
|
|
Could your ISP be blocking access to that port? You might want to try changing the listen port to something high to see if that's a problem.
Also, here I'm on NTL, and I've noticed that AOL users just can't connect directly to my machine at all, although other users are fine ... could there be some ISP in your way? |
|
|
|
Corax Apprentice
Joined: 14 Apr 2004 Posts: 222 Location: Berlin, Germany
|
Posted: Wed Nov 03, 2004 2:34 pm Post subject: |
|
|
Well, this doesn't make a difference. It is quite unlikely that Germany's biggest provider blocks FTP ports for its customers. Anyway, even if I change the ports to whatever, my problem still occurs.
In the meantime I figured out, that the most reliable error message, that Windows - FTP - Clients return is: Server closed control connection. This made me think of port 20 and passive ftp, but enabling 'connect_from_port_20' and 'pasv_enable' in my vsftpd.conf did not let someone log in.
So, maybe we face a misconfigured tcpwrapper? Having set only
to /etc/hosts.allow did not bring any solution.
Does anybody have a clue of some approach to this? |
|
|
|
Corax Apprentice
Joined: 14 Apr 2004 Posts: 222 Location: Berlin, Germany
|
Posted: Wed Nov 03, 2004 7:08 pm Post subject: |
|
|
I recompiled xinetd as well as vsftpd without the 'tcpd' USE flag (from make.defaults). But - what shall I tell you guys - nothing got better in any way... |
|
|
|
Corax Apprentice
Joined: 14 Apr 2004 Posts: 222 Location: Berlin, Germany
|
Posted: Thu Nov 04, 2004 5:47 pm Post subject: |
|
|
I discovered a nice tool today: gnu-netcat. But it doesn't reveal significant new information. If I connect from my computer (which vsftpd is running on) to my domain on port 21, all is nice, the server responds. But if others are trying the same procedure, they don't get behind the step of name resolution... And what do you suggest now? |
|
|
|
Corax Apprentice
Joined: 14 Apr 2004 Posts: 222 Location: Berlin, Germany
|
Posted: Fri Nov 05, 2004 10:19 pm Post subject: |
|
|
I chased this problem down to be more substantial than only affecting FTP. It reveals that it is obviously impossible to connect to my box. Even other applications, such as ssh and telnet, suffer from the same sickness :-(
So, if any firewall like iptables or shorewall (I know, it's almost the same) is not running, if I took care of tcp-wrappers configuration and configured services for my needs, following the documentation (only xinetd and vsftpd for now...) - where else can I configure and / or set permissions for inbound connections? |
|
|
|
Corax Apprentice
Joined: 14 Apr 2004 Posts: 222 Location: Berlin, Germany
|
Posted: Mon Nov 08, 2004 11:57 am Post subject: |
|
|
Got it! Finally it turned out, that, having netfilter enabled in the kernel and not having set up proper chains in iptables was kinda sloppy. This caused my problem. Gee! - I almost got bald over it. |
|
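An added example, not part of the original thread: a first-match evaluator for the filter INPUT chain in `iptables-save` output, showing how a ruleset can answer connections made from the box itself (which arrive on `lo` even when they target the external address) while every service is unreachable from outside. Both rulesets are constructed for illustration, since the thread does not show the poster's actual rules; the interface name `eth0` is an assumption, and only `-i`, `-p`, `--dport`, `--state` and the ACCEPT/DROP/REJECT targets are understood (no negation, no user chains).

```python
import shlex

# Constructed rulesets in iptables-save format; not taken from the thread.
LOOPBACK_ONLY = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
"""
WITH_SERVICES = LOOPBACK_ONLY.replace("COMMIT\n", """\
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
""")

def verdict(save_text, iface, dport, proto="tcp"):
    """Return (target, deciding rule) for a NEW inbound packet on filter/INPUT."""
    table, policy = None, "ACCEPT"
    for raw in save_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            table = line[1:]              # table marker, e.g. *filter or *nat
        if table != "filter":
            continue
        tok = shlex.split(line)
        if tok[0] == ":INPUT":
            policy = tok[1]               # chain policy applies when no rule matches
        elif tok[:2] == ["-A", "INPUT"]:
            opts = dict(zip(tok[2::2], tok[3::2]))   # option/value pairs
            if opts.get("-i", iface) != iface:
                continue
            if opts.get("-p", proto) != proto:
                continue
            if opts.get("--dport", str(dport)) != str(dport):
                continue
            if "NEW" not in opts.get("--state", "NEW").split(","):
                continue
            if opts.get("-j") in ("ACCEPT", "DROP", "REJECT"):
                return opts["-j"], line
    return policy, "policy"
```

Feeding it the real output of `iptables-save` on the server, with the external interface name, shows which rule or policy decides the fate of a new connection to port 21 or 22.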
|
|
|